Create system_administrator rbac role in migration

* We had race conditions with the system_administrator role being created just-in-time. Instead of fixing the race condition(s), dodge them by ensuring the role always exists
2026-01-08 14:32:07 -03:30 · 2025-10-01 14:59:54 -04:00 · 2025-10-01 14:59:54 -04:00 · f51af03424
commit f51af03424
parent 622f6ea166
2 changed files with 12 additions and 0 deletions
--- a/awx/main/migrations/0201_create_managed_creds.py
+++ b/awx/main/migrations/0201_create_managed_creds.py
@ -10,6 +10,11 @@ def setup_tower_managed_defaults(apps, schema_editor):
    CredentialType.setup_tower_managed_defaults(apps)


+def setup_rbac_role_system_administrator(apps, schema_editor):
+    Role = apps.get_model('main', 'Role')
+    Role.objects.get_or_create(singleton_name='system_administrator', role_field='system_administrator')
+
+
 class Migration(migrations.Migration):
    dependencies = [
        ('main', '0200_template_name_constraint'),
@ -17,4 +22,5 @@ class Migration(migrations.Migration):

    operations = [
        migrations.RunPython(setup_tower_managed_defaults),
+        migrations.RunPython(setup_rbac_role_system_administrator),
    ]
--- a/awx/main/tests/functional/test_migrations.py
+++ b/awx/main/tests/functional/test_migrations.py
@ -167,3 +167,9 @@ class TestMigrationSmoke:
            assert CredentialType.objects.filter(
                name=expected_name
            ).exists(), f'Could not find {expected_name} credential type name, all names: {list(CredentialType.objects.values_list("name", flat=True))}'
+
+        # Verify the system_administrator role exists
+        Role = new_state.apps.get_model('main', 'Role')
+        assert Role.objects.filter(
+            singleton_name='system_administrator', role_field='system_administrator'
+        ).exists(), "expected to find a system_administrator singleton role"